Episodes

When it comes to IoT security, legal action is "a matter of when not if."
That's according to Ijay Palansky, an attorney in Armstrong Teasdale's Litigation practice group, represented plaintiffs and class members who alleged in the infamous 2015 Jeep hacking class-action lawsuit that the 3G “infotainment” center in those cars were vulnerable to hacking.
Threatpost talked to Palansky about impending IoT legal issues and what to expect.

Threatpost's Lindsey O'Donnell speaks with Troy Hunt, a web security expert and the owner of Have I Been Pwned (HIBP).
Hunt talks about HIBP's partnership with Mozilla Firefox and Cloudflare; trends he's seeing with data breaches; and how the view of responsibilities behind strong passwords is changing.

A “critical water utility” has been victim of a ransomware attack, significantly impeding the service in the week after Hurricane Florence hit the East coast of the U.S.
The Onslow Water and Sewer Authority (ONWASA) said in a Monday release that a “sophisticated ransomware attack… has left the utility with limited computer capabilities.” While customer data was not compromised as part of the attack, the lack of computing ability will impact the timeliness of service from ONWASA “for several...

Lindsey O'Donnell discusses Synopsys’ ninth annual Building Security in Maturity Model report (BSIMM9) released Tuesday.
The report revealed an emerging new dynamic for software security professionals. Synopsys' Gary McGraw, vice president of security technology, breaks down the top takeaways from the report and what was most surprising.

Threatpost's Lindsey O'Donnell and Tom Spring discuss this week's biggest news - including a breakthrough Bloomberg report that China infiltrated Supermicro motherboards, as well as a report that said that 83 percent of home and office router brands have vulnerabilities.

The Threatpost team talks about the biggest news from this past week, including a Windows zero-day flaw outed on Twitter, Yahoo's email ad-targeting privacy snafu, and crashing mobile apps that leak private data.

Security researcher Troy Mursch, of the Bad Packets Report, comes onto the Threatpost Podcast to discuss recent cryptojacking campaigns and why these types of malicious cryptomining attacks are on the rise.

Bugcrowd has had a busy summer. Recently, the bug bounty company partnered with HP to launch the first-ever bug bounty program for printers, with rewards of up to $10,000 for discovered vulnerabilities.
Bugcrowd also recently announced Disclose.io, an open-sourced project to standardize best practices for providing a safe harbor for security researchers within bug bounty and vulnerability disclosure programs (VDPs).
Threatpost talked to Casey Ellis, Bugcrowd founder and CTO, about big...

Las Vegas was filled with researchers, executives, and hackers last week for the Black Hat USA and DEF CON 2018 conferences.
Among the most interesting topics at the shows included IoTand connected cars, election votinghacks, and a flurry of other news topics and sessions outlining the newest threats, vulnerabilities, and cybersecurity best practices.
Threatpost's Lindsey O'Donnell and Tara Seals talk about their favorite parts of the show.

Threatpost talks to Matt Tyrer with Commvault about the recent COSCO ransomware attack. Tyrer discusses the biggest lessons learned from the incident, COSCO's response, and best practices in preventing ransomware attacks.

Threatpost's Tom Spring and Lindsey O'Donnell sit down to discuss the biggest news of the week - including COSCO being hit by a ransomware attack, Adobe Flash being discussed by the U.S. government, and more Facebook drama.